Guys, POW in nostr is a dead end!

Yes, I get it, it removes all the spam ... now. But as soon as 5s of ASIC POW can get your spam to millions of users while the equivalent time on a cellphone is 5 weeks, it will be irrelevant.


Discussion

totally agree with this. someone on javascript client, is like a million times less slower than someone using an asic for same time/investment or computation. PoW is not a level playing field here. Nostr will grow by trusting some, and ignoring spam.

I think the mistake here is thinking everyone needs to mine, like there's some rope everybody needs to jump. PoW will only affect those spamming not legitimate users like you and I.

Why do you think everyone needs to mine?

what's your solution? everyone already knows the problem

I don't agree with requiring POW in the public key. But it could be added as a one-time challenge when a client connects to a relay. Or on each message (but too much overhead).

With [Nostroid](https://chat.nostr.info/) I'm working on that solution. You only see what was authored by follows of follows of follows ... and what they comment on. It makes the experience of each user sort of invite-only but extended to 10k users or maybe even 1M users.

don't most clients work this way already?

I always saw PoW as something that you would need for public non-follow things like explore/public chats/etc.

You see likes and replies by non-follows usually. If they reply to you, you see it. In Nostroid that is limited to authors that are followed by follows of follows ...

The biggest twitter spam issue isn’t your main feed, it’s the replies to tweets in your main feed. That’s where the bots are the biggest problem on twitter today - bloat and low quality replies that devalue conversation and create annoying reply notifications.

And as for more public forums like chat and perhaps reddit like topics with replies, they would be pretty dead without the random public people’s contributions. Three degree separation is pretty small across moderate to niche topics or chats.

I did not say 3 degrees. Grow it as necessary but keep it "invite only". If new accounts with zero follows can make it into your experience, you're open to spam. If you see only the "closest" 1 million authors, you should be almost spam free.

My LinkedIn is filled with effectively bot accounts. They seem real, but it’s low grade and all within three degrees. And they look real enough, at follow or accept connection point I have no way to really know. And worse, I have colleagues who accepted them and make them seem more legit.

That's where I need a negative signal, too. Public block lists, ways to disregard somebody's follows or only consider the first 100 follows each, etc.

Most of the spam I get on Twitter is from accounts that have not even any followers. Of course you can grow accounts to enter people's social graph but those loosely connected can be identified. An impersonator marked as 5th degree contact would have a hard time pretending to be somebody I assume to be following already.
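The follows-of-follows filtering discussed in the comments above, as an added example that is not code from Nostroid or from anyone in this thread: a breadth-first walk of the follow graph that records each author's degree of separation, with a block list, a per-author follow cap and an overall size limit. The function name, option names and the sample graph are assumptions made for the illustration.

```javascript
// Added example (hypothetical names): social distance over a follow graph.
// follows: { author: [authors they follow, in list order] }
function socialDistance(follows, me, opts = {}) {
  const { maxDegree = 3, followCap = 100, maxAuthors = 1e6, blocked = new Set() } = opts;
  const degree = new Map([[me, 0]]);
  let frontier = [me];
  for (let d = 1; d <= maxDegree && frontier.length > 0; d++) {
    const next = [];
    for (const author of frontier) {
      const list = follows[author] || [];
      // My own follows always count; everyone else only vouches for their first N.
      const trusted = author === me ? list : list.slice(0, followCap);
      for (const followed of trusted) {
        if (degree.has(followed) || blocked.has(followed)) continue;
        if (degree.size >= maxAuthors) return degree; // keep only the closest authors
        degree.set(followed, d);
        next.push(followed);
      }
    }
    frontier = next;
  }
  return degree; // authors missing from the map are filtered out of the feed
}

// Constructed sample graph, not real accounts.
const FOLLOWS = {
  me: ["alice", "bob"],
  alice: ["carol", "spamhub"],
  bob: ["carol"],
  carol: ["dave"],
  spamhub: ["bot1", "bot2"],
  dave: ["erin"],
  loner: ["me"], // follows me, but nobody in my graph follows it
};

const open = socialDistance(FOLLOWS, "me");
const withBlockList = socialDistance(FOLLOWS, "me", { blocked: new Set(["spamhub"]) });
console.log([...open], [...withBlockList]);
```

An account that only follows you never enters the map, and blocking one hub also removes every account reachable only through it.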

testing replies. please disregard.

Dumping my thoughts here:

1. Look at public chat only on relays that filter spam effectively,

2. Spam filtering tools in clients (banning a key will probably be ineffective, but matching content patterns should work)

3. Friends of friends

4. Everybody buy ASICs! 😆

Agreed, aligning the network topology with the social graph is the only way.

lmao, no then you’ll just pay one of these asics to do pow for you.

who tf is running nostr asics when they could be running it on bitcoin instead.

Yeah exactly, you just pow for the highest bidder

Mining bitcoin only works with a tiny fraction of all the asics ever produced but those obsolete units might still be good for spamming nostr?

It’s not meant to be a full protection mechanism. It’s meant to make something that’s near infinity cheap (like sending emails), have a small proof of cost.

There then can be a market value where a spam message may have a $0.005 return based on clicks and people you steal money from. If clients opt in to requiring above that for event pow, you kill the mass spam use case economically.

Does that prevent all spam? No. Does it prevent targeted phishing? No. Is a single pow min value the same for everyone or every case? No. If the spam is at cost and just noise, again no protection as sender isn’t trying to make money.

And you ignore pow derivatives. A single high pow event could be ranked down to a max score. A sum over time shows value over time. And interactions with other high pow can have a similar to page rank to give value to others you/they interact with.

People could still farm and sell higher (aggregate) pow accounts. Just like WOW accounts or similar. But no different to selling a twitter or instagram account today.

I put this together last night: Adaptive PoW using a PID controller.

A client could use this on a global feed to automatically filter incoming events so that the rate of events remains under control.

This PoW requirement would only be applied to non-follows so only posts from strangers should probably be counted.
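One way such an adaptive threshold could look, as an added example that is not the code the poster refers to: a PID loop that raises or lowers the minimum PoW (leading zero bits of the event id, as in NIP-13) required from non-follows so that the number of stranger events shown per window stays near a target. The class name, gains, the log2 error term and the sample ids are assumptions of this example.

```javascript
// Added example (hypothetical names and gains), not the poster's implementation.
const clamp = (x, lo, hi) => Math.min(hi, Math.max(lo, x));
// PoW difficulty = leading zero bits of the hex event id (ids assumed valid hex).
function leadingZeroBits(hexId) {
  let bits = 0;
  for (const ch of hexId) {
    const nibble = parseInt(ch, 16);
    if (nibble !== 0) return bits + Math.clz32(nibble) - 28;
    bits += 4;
  }
  return bits;
}
class AdaptivePowFilter {
  constructor({ targetPerWindow, kp = 0.25, ki = 0.5, kd = 0.125, maxBits = 32 }) {
    Object.assign(this, { targetPerWindow, kp, ki, kd, maxBits });
    this.minBits = 0; this.integral = 0; this.prevError = 0;
    this.accepted = 0; // stranger events shown in the current window
  }
  // Follows bypass PoW and are not counted; strangers must meet minBits.
  accept(eventId, authorIsFollowed) {
    if (authorIsFollowed) return true;
    if (leadingZeroBits(eventId) < this.minBits) return false;
    this.accepted += 1;
    return true;
  }
  // Call once per window. The error is in bits: each extra bit halves the flow.
  endWindow() {
    const error = Math.log2((this.accepted + 1) / (this.targetPerWindow + 1));
    this.integral = clamp(this.integral + error, 0, this.maxBits / this.ki); // anti-windup
    const output = this.kp * error + this.ki * this.integral + this.kd * (error - this.prevError);
    this.minBits = clamp(Math.round(output), 0, this.maxBits);
    this.prevError = error;
    this.accepted = 0;
    return this.minBits;
  }
}
// Constructed sample: 63 stranger ids, half as many at each extra bit (0..5).
const PREFIX = ["8", "4", "2", "1", "08", "04"];
const constructedBatch = () =>
  PREFIX.flatMap((p, bits) => Array(32 >> bits).fill(p.padEnd(64, "f")));
// Feed the same batch for N windows and record the threshold after each one.
function simulate(filter, windows, batch) {
  const history = [];
  for (let w = 0; w < windows; w++) {
    for (const id of batch) filter.accept(id, false);
    history.push(filter.endWindow());
  }
  return history;
}
const feed = new AdaptivePowFilter({ targetPerWindow: 3 });
console.log(simulate(feed, 9, constructedBatch())); // threshold while flooded
console.log(simulate(feed, 4, []));                 // threshold once the flood stops
```

With these gains the threshold oscillates for a few windows before settling, which is the tuning trade-off a client would have to make against how quickly it reacts to a burst.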